Description
I found this cipher in an old book. Can you figure out what it says? Connect to the server to receive the ciphertext.
Setup
Connect to the server to receive the Vigenere-encrypted ciphertext.
Solution
- Step 1: Identify the cipher
  The ciphertext uses only letters and preserves word spacing, which is characteristic of a Vigenere cipher. The challenge title 'la cifra de' refers to Blaise de Vigenere, who popularized this polyalphabetic substitution cipher.
The Vigenere cipher is a polyalphabetic substitution cipher invented in the 16th century and long considered unbreakable -- it was called le chiffre indéchiffrable (the indecipherable cipher) for nearly three centuries. It works by applying a series of Caesar ciphers using successive letters of a repeating keyword: the first letter of the key shifts the first letter of the plaintext, the second key letter shifts the second plaintext letter, and so on, cycling through the key.
Key identifying characteristics of Vigenere ciphertext:
- Only alphabetic characters are shifted; spaces, punctuation, and numbers are often left unchanged
- Letter frequency distribution is more uniform than a Caesar cipher but less uniform than random (Index of Coincidence falls between 0.038 and 0.065)
- Repeated sequences of letters in the ciphertext hint at the key length (Kasiski examination)
The challenge title is a direct historical reference -- Blaise de Vigenere (1523–1596) described the cipher in his 1586 Traicté des Chiffres. It was actually invented earlier by Giovan Battista Bellaso in 1553, but Vigenere's name stuck. Understanding historical cipher names helps quickly identify cipher types in CTF challenges.
- Step 2: Determine the key length with Index of Coincidence
  Use the Index of Coincidence (IoC) method: try slicing the ciphertext into every nth letter and compute letter frequency statistics. When n equals the key length, the frequency profile looks like natural English (IoC ~0.065) rather than uniform random (IoC ~0.038). Tools like dCode.fr's Vigenere solver automate this step.
The Index of Coincidence (IoC) measures how likely two randomly chosen letters from a text are to be the same. For natural English, this is about 0.065 (because common letters like E, T, A appear frequently). For uniformly random text, it is about 0.038 (1/26). For a Caesar cipher (monoalphabetic), IoC equals the English value because the frequency distribution is merely shifted. For Vigenere with a long random key, IoC approaches 0.038.
Key length determination: For each candidate key length k, split the ciphertext into k groups (letters at positions 0, k, 2k, ... form group 0; positions 1, k+1, 2k+1, ... form group 1; etc.). Compute the IoC of each group. When k equals the true key length, each group consists of letters all shifted by the same Caesar amount, so each group's IoC is close to English (0.065). When k is wrong, the groups mix multiple shifts and the IoC drops toward 0.038.
An alternative key length technique is Kasiski examination: find repeated trigrams (3-letter sequences) in the ciphertext and compute the distances between them. The GCD of those distances is likely the key length, since repetitions arise when the same plaintext aligns with the same key position.
- Step 3: Recover the key and decrypt
  Once the key length is known, treat each column of letters (positions 0, k, 2k, ...) as a Caesar cipher and use frequency analysis to recover each key character. The most common letter in each column likely corresponds to 'e'. Paste the ciphertext into dCode.fr Vigenere Solver or use a Python library for automated recovery.
With the key length established, frequency analysis recovers each key character independently. Each column of letters (all encrypted with the same Caesar shift) has its own frequency distribution. In English, the most common letter is 'e' (frequency ~12.7%). If the most common letter in column i is, say, 'J', then the key character for position i likely shifts 'e' (position 4) to 'J' (position 9), giving a shift of 5 and key letter 'F'.
Practical tools for automated Vigenere cryptanalysis:
- dCode.fr -- web-based Vigenere solver with automated key recovery
- CyberChef -- "Vigenere Decode" operation (requires known key)
- Python pycipher -- library with Vigenere implementation
- quipqiup.com -- general substitution cipher solver using frequency analysis
The Vigenere cipher was broken by Charles Babbage in the 1840s (unpublished) and Friedrich Kasiski in 1863. Today, any repeating-key cipher is trivially broken by these methods. This is why modern symmetric encryption (AES, ChaCha20) generates a unique keystream for each message and uses keys much longer than the message.
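Steps 2 and 3 carried through in Python, as an added example that is not code from the original write-up: the key length comes from the mean per-column IoC, and each key letter from a chi-squared fit against English letter frequencies, which is a more robust variant of the "most common letter is 'e'" rule. The sample text, the key LEMON, the frequency table and all function names are constructed for illustration, and the key is assumed to advance only on letters.

```python
from collections import Counter

# Approximate English letter frequencies in percent, A..Z.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def vigenere(text, key, sign=1):
    # sign=-1 decrypts. Assumption: non-letters pass through and consume no key letter.
    out, i = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            shift = sign * (ord(key[i % len(key)].upper()) - ord("A"))
            ch, i = chr((ord(ch) - base + shift) % 26 + base), i + 1
        out.append(ch)
    return "".join(out)

def letters_of(text):
    return [ord(c.upper()) - ord("A") for c in text if c.isascii() and c.isalpha()]
def ioc(col):
    return sum(n * (n - 1) for n in Counter(col).values()) / max(1, len(col) * (len(col) - 1))

def key_length(ciphertext, max_len=10):
    nums = letters_of(ciphertext)
    score = {k: sum(ioc(nums[i::k]) for i in range(k)) / k for k in range(1, max_len + 1)}
    # Multiples of the true length score as well, so take the smallest near-best k.
    return min(k for k, s in score.items() if s >= 0.9 * max(score.values()))

def chi2(col, shift):
    counts = Counter((c - shift) % 26 for c in col)
    return sum((counts[j] - len(col) * p / 100) ** 2 / (len(col) * p / 100) for j, p in enumerate(ENGLISH))

def recover_key(ciphertext, k):
    nums = letters_of(ciphertext)
    # Each column is a Caesar cipher: keep the shift whose decryption best fits English.
    return "".join(chr(65 + min(range(26), key=lambda s: chi2(nums[i::k], s))) for i in range(k))

def solve(ciphertext):
    key = recover_key(ciphertext, key_length(ciphertext))
    return key, vigenere(ciphertext, key, -1)

# Constructed sample: English text encrypted under the constructed key "LEMON".
SAMPLE_PLAINTEXT = ("The Vigenere cipher applies a series of Caesar shifts chosen by the letters of a repeating keyword. "
    "The first letter of the key shifts the first letter of the message, the second letter shifts the second, "
    "and so on until the key runs out and starts over again. When the key is much shorter than the message, "
    "every position of the key encrypts a large share of the text, and each of those shares keeps the letter "
    "statistics of ordinary English. That is the weakness an analyst exploits to recover the key one letter at a time.")
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, "LEMON")
if __name__ == "__main__":
    print(solve(SAMPLE_CIPHERTEXT))
```

To use it on the challenge, pass the ciphertext received from the server to solve(); very short ciphertexts give each column too few letters for the statistics to be reliable.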
Flag
picoCTF{...}
Vigenere is broken when the key is much shorter than the message -- frequency analysis per key position reveals each character of the key.